Personal Data (Privacy) (Amendment) Ordinance 2012 - Use and Sale of Personal Data for Direct Marketing.



Similar documents
Use or Transfer of Personal Data for Direct Marketing

Shanghai-Hong Kong Stock Connect: New short selling rules.

Trading Halt Conclusions from the Hong Kong Stock Exchange s Consultation

Hong Kong IPO Sponsor Reforms.

What's Up with Apps in Hong Kong July 2013

COMMENTARY. Hong Kong Strengthens Its Personal Data. on Direct Marketing JONES DAY

Changes relating to age 75 and flexible drawdown

Relaxation of PRC regulatory restrictions on cross-border security and guarantees

China's New Company Registration Regime.

One Step Closer to Liberalisation Formal Unveiling of the Shanghai Free Trade Zone s Free Trade Account.

Mineral, Oil and Gas Companies - Listing on SGX.

FSA paper on conflicts of interest between asset managers and their customers

China opens up its bank card payment clearing market

MiFID II. Key interactions between MiFID/MiFIR II and other EU and US financial services legislation.

Briefing Note UAE Corporate Governance Regime

SAS v World Programming: Court of Appeal considers copyright in software.

Implementation of the Jackson Reforms. The key changes.

Exercising Your Right of Consent to and Opt-out from Direct Marketing Activities under the Personal Data (Privacy) Ordinance 1

Substance requirements applying to Luxembourg UCITS management companies and to Luxembourg self-managed UCITS investments companies

Hong Kong Proposes Margin and Risk Mitigation Standards for Non-Centrally Cleared OTC Derivatives


How To Avoid Inheritance Tax On A Pension Scheme

Welcome to our Summer London seminar programme 2016

New board pay rules are they working? Key statistics

FCA changes client money and custody asset rules

New UK Premium and Standard Listing Regime.

18 August Amendments to the participation exemption regime

EU publishes mandatory Collective Action Clause for use in eurozone sovereign bonds from 1 January 2013

MiFID II: The New Investor Protection Regime

Shared Parental Leave: Nine Months and Counting Understanding employee attitudes to shared parental leave

Pinsent Masons. Competition Law Dawn Raid Checklist & Guidelines. What to do in the first hour of a dawn raid

Singapore: Insolvency Law Review Committee Recommendations.

Shanghai-Hong Kong Stock Connect: Are You Ready for the Through Train to Shanghai?

FSA reports on how banks deal with high-risk customers, correspondent banking relationships and wire transfers

Singapore Consults on OTC Derivatives Regulation.

Revised security regimes in Africa: the OHADA reforms

China pushes change in IT infrastructure by strengthening regulation of cyber security

Final Foreign Private Adviser and Private Fund Adviser Rules Issued by the U.S. Securities and Exchange Commission.

CFTC Aligns Regulation of Certain DCOs with International Standards

Introduction. April Contents

Crossing Borders New Guidance on the Transfer of Personal Data outside Hong Kong

Foreign investment in the United Arab Emirates.

A Cautionary Tale When Considering Yieldco Dropdown and Other Related Party Transactions: In re: El Paso Pipeline Partners, L.P. Derivative Litigation

European Commission releases final report on business insurance sector inquiry

Independent Commission on Banking Final Report on UK Banking Reform

Freshfields Bruckhaus Deringer Changes to unfair trade practices law in Hong Kong. Summary

MiFID II: The new market structure paradigm

Brief guide to Administration

AIFMD implementation in Germany: Draft Capital Investment Act revised Government draft addresses industry criticism

Loan Market Association publishes new loan documentation

Twenty five essential things to know about the New Companies Ordinance

Personal Data (Privacy) Ordinance and Electronic Health Record Sharing System (Points to Note for Healthcare Providers and Healthcare Professionals)

Guidance on Personal Data Protection in Cross-border Data Transfer 1

Insurance Update. UK Office of Fair Trading refers private healthcare insurance market investigation to the Competition Commission. May 2012.

Big Data for Mutuals. Marc Dautlich 25 November 2013

Senior insurance managers regime: a new regulatory framework for individuals

The Reserved Alternative Investment Fund (RAIF) - The best of two worlds?

Regulated Mortgages. March 2012

Competitive edge. Competition e-learning

National Security Considerations in China s Financial Sectors an International Perspective.

How To Make Money In Indonesia

New FSA rules on disclosure of interests in UK companies

Restructuring & insolvency law in the DIFC.

CONSULTATION PAPER NO

Part 10. Directors and Company Secretaries

Consultation Paper on the Evidential Requirements under the Securities and Futures (Professional Investor) Rules. October 2010

Rupiah requirement on transactions in Indonesia update

Act no 41 on Insurance Mediation ( )

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

The Interior Designers Act

New Guidance on Direct Marketing 1

THIRD SUPPLEMENT TO THE GIBRALTAR GAZETTE No. 4,167 of 7th May, 2015

Guidelines for VOIP Providers

Telephone (03) Facsimile (03) ABN

U.S. Securities Law Briefing

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

PLEASE NOTE. For more information concerning the history of this Act, please see the Table of Public Acts.

PERSONAL LIABILITY FOR DEBTS, FOLLOWING CONTRAVENTION OF S.216

APRIL 2015 ARE YOU READY FOR THE SENIOR MANAGERS AND CERTIFICATION REGIME?

Securities Trading Policy

Overview of the Impact of the Privacy Reforms on Credit Reporting

Privacy Policy First National Real Estate Cremorne ACN

Brief guide to English Corporate Insolvency Law

Applicant any person who is applying or has applied for registration as a Paralegal;

Falcon & Pointer fined 175,000 for making automated calls

Electronic Health Record Sharing System Bill. Contents. Part 1. Preliminary. 1. Short title and commencement... C Interpretation...

BERMUDA PRIVATE INVESTIGATORS AND SECURITY GUARDS ACT : 78

How To Write A Medical Laboratory

Security breach! A closer look from a data protection law perspective November 2014 Gabriel Voisin (Associate)

Trade Direct Insurance Services Ltd Trade Direct House Ockford Road Godalming GU7 1RH. Terms and Conditions of Business Agreement

1 L.R.O Electronic Transactions CAP. 308B ELECTRONIC TRANSACTIONS

Pacific Smiles Group Privacy Policy

The Shareholder Rights Directive becomes law.

REGULATORY OVERVIEW. This section sets forth a summary of the major laws and regulations applicable to the Group s business in Hong Kong.

Short title 1. This Act may be cited as the Accountants Act. Interpretation 2. In this Act, unless the context otherwise requires "accounting

Share trading policy. Lynas Corporation Limited ACN

CREDIT REPORTING BILL EXPLANATORY NOTES

Professional Direct Insurance Ockford Mill Ockford Road Godalming GU7 1RH. Terms and Conditions of Business Agreement. Our Service

COMPUTER MISUSE AND CYBERSECURITY ACT (CHAPTER 50A)

USING A SIMILAR NAME FOR YOUR NEW COMPANY/TRADING AS THE ONE THAT IS INSOLVENT

Transcription:

July 2012 Personal Data (Privacy) (Amendment) Ordinance 2012 - Use and Sale of Personal Data for Direct Marketing. Contents Introduction On 27 June 2012, Hong Kong s Legislative Council ( LegCo ) passed the (the Amendment Ordinance ), which was gazetted on 6 July 2012. One of the most important changes to be introduced by the Amendment Ordinance is a restriction on the use of personal data in direct marketing (i.e. the marketing of goods and services by making telephone calls or sending information or goods addressed to specific persons by mail, fax, email or other means of communication). The Amendment Ordinance replaces the current opt-out regime with a new opt-in regime (see the new Part VIA of the Personal Data (Privacy) Ordinance (the PDPO ). Under the new regime, a data user can only use or provide a data subject s personal data to others for use in direct marketing if the data user has provided the requisite information and response facility to the data subject and received the data subject s consent. A failure to comply with the new requirements is a criminal offence. The changes will have important ramifications for every data user who intends to conduct direct marketing or cross-marketing. Introduction... 1 Entry into Force... 1 Use of Personal Data in Direct Marketing... 2 Provision of Personal Data for Use in Direct Marketing (i.e. Cross- Marketing)... 2 What you should do... 3 It is worthy of note that, among other changes, the Amendment Ordinance further increases the power of the Privacy Commissioner. For example, the Privacy Commissioner is now given specific powers to provide assistance to aggrieved data subjects to claim compensation from data users for contravening the PDPO. Entry into Force The Amendment Ordinance will come into effect in phases. The majority of the provisions will come into effect on 1 October 2012. Importantly, the new requirements relating to direct marketing and the Privacy Commissioner s provision of assistance to aggrieved data subjects will come into effect later (on the Commencement Date ), which is currently expected to be in early to mid 2013. This allows the Privacy Commissioner to issue guidance notes and for corporate data users to prepare for the transition. Use and Sale of Personal Data for Direct Marketing 1

Use of Personal Data in Direct Marketing The Amendment Ordinance introduces an opt-in approach in respect of the use of personal data for direct marketing. Subject to the grandfathering arrangement (explained below), the Amendment Ordinance requires data users to take certain specified actions before using personal data in direct marketing, which include: informing the data subject of the intention to use his/her personal data for direct marketing; providing the data subject with specific information about the kinds of personal data to be used and the classes of marketing subjects in relation to which the data is to be used; and providing the data subject with a means (at no cost to the data subject) to communicate the data subject s consent (or no objection ) to the intended use. The information provided must be presented in a manner that is easily understandable (and, if in written form, easily readable). Under a grandfathering arrangement, the new requirements set out above will not, generally speaking, apply to personal data properly collected and used in direct marketing before the Commencement Date. In other words, a data user can continue to use such personal data after the Commencement Date as long as they are used for direct marketing of its own products/services which belong to the same class of products/services as before. Subject to the grandfathering arrangement, data users are strictly prohibited from using personal data in direct marketing unless the relevant data subject s consent (which is revocable) is obtained. It should be noted that where a data subject s consent is obtained orally, the data user must send a written confirmation to the data subject within 14 days. Similar to the present regime, when a data subject s personal data is used in direct marketing for the first time, a data user must inform the data subject of the right to require the data user to cease to use the data. A failure to undertake the requisite actions or to use personal data in direct marketing without the data subject s consent is a criminal offence punishable by a fine of HK$500,000 and imprisonment of up to 3 years. Provision of Personal Data for Use in Direct Marketing (i.e. Cross- Marketing) In addition to enhanced restrictions regarding direct marketing, the Amendment Ordinance introduces specific provisions directed at crossmarketing (i.e. when personal data is sold or otherwise made available to third parties under commercial arrangements for such third parties direct marketing). Use and Sale of Personal Data for Direct Marketing 2

Where cross-marketing is intended, the Amendment Ordinance requires data users to inform the data subject of, among other matters, the intention to provide the personal data, the kinds of personal data to be provided, the classes of persons to whom the data are to be provided and the classes of marketing subjects in relation to which the data are to be provided. If the data is to be provided for gain, that fact must also be explicitly stated. In contrast to the case where the data is used only for one s own direct marketing, in the case of cross-marketing, the data subject must be informed in writing oral notification is not an option. Data users are prohibited from providing personal data to another person for conducting cross-marketing in the absence of the relevant data subject s written consent (oral consent is insufficient). Such consent is revocable. As the grandfathering arrangement does not apply to cross-marketing, this means that after the Commencement Date, no new cross-marketing may take place in Hong Kong unless the new requirements under the Amendment Ordinance are complied with. Contravention of the cross-marketing requirements is a criminal offence punishable by a fine of HK$500,000 and imprisonment of up to 3 years (or a fine of HK$1 million and imprisonment for 5 years if the provision is for gain, i.e. a sale of personal data). What you should do Whilst the Commencement Date has not been set and the Commissioner has yet to publish relevant guidance notes on the new direct marketing regime, in view of the changes, the following preparatory steps are recommended: review the standard personal information collection statement and other relevant terms and conditions for the supply of products or services to determine to what extent they will need to be amended to comply with the new requirements; consider to what extent the grandfathering arrangements will apply to personal data currently held and whether, notwithstanding the grandfathering arrangements, a fresh exercise to obtain consent from relevant data subjects for conducting direct marketing should be conducted; consider whether your organisation intends to conduct crossmarketing in the future (whether with a group entity or an external third party) and if so, whether consent from data subjects need to be obtained and how to obtain such consent; develop or update internal policies and procedures on the use or sale of personal data for direct marketing and cross-marketing in consultation with relevant departments, including front-line marketing staff and the IT department; Use and Sale of Personal Data for Direct Marketing 3

review relevant contracts with data processors and cross-marketing partners to ensure that the contractual provisions comply with the requirements under the Amendment Ordinance; and bear in mind that under the new regime, the Privacy Commissioner may provide legal assistance to data subjects for breach of the PDPO. This may increase the number of complaints (and claims) against data users. We will update you on this subject including notifying you of the announcement of the Commencement Date and the release of relevant guidance notes. Should you have any questions regarding the Amendment Ordinance or other recent Hong Kong data privacy developments (such as the Privacy Commissioner s publication of the guidance note on handling data access request), we would be happy to share our thoughts with you. Use and Sale of Personal Data for Direct Marketing 4

Contacts For further information please contact: Marc Harvey Partner (+852) 2842 4122 marc.harvey@linklaters.com Ivan Chang Managing Associate (+852) 2842 4110 ivan.chang@linklaters.com Author: Marc Harvey and Ivan Chang This publication is intended merely to highlight issues and not to be comprehensive, nor to provide legal advice. Should you have any questions on issues reported here or on other areas of law, please contact one of your regular contacts, or contact the editors. Linklaters. All Rights reserved 2012 Linklaters Hong Kong is a law firm affiliated with Linklaters LLP, a limited liability partnership registered in England and Wales with registered number OC326345. It is a law firm authorised and regulated by the Solicitors Regulation Authority. The term partner in relation to Linklaters LLP is used to refer to a member of the LLP or an employee or consultant of Linklaters LLP or any of its affiliated firms or entities with equivalent standing and qualifications. A list of the names of the members of Linklaters LLP and of the non-members who are designated as partners and their professional qualifications is open to inspection at its registered office, One Silk Street, London EC2Y 8HQ, England or on www.linklaters.com. Please refer to www.linklaters.com/regulation for important information on our regulatory position. We currently hold your contact details, which we use to send you newsletters such as this and for other marketing and business communications. We use your contact details for our own internal purposes only. This information is available to our offices worldwide and to those of our associated firms. If any of your details are incorrect or have recently changed, or if you no longer wish to receive this newsletter or other marketing communications, please let us know by emailing us at marketing.database@linklaters.com. 10th Floor, Alexandra House Chater Road Hong Kong Telephone (+852) 2842 4888 Facsimile (+852) 2810 8133/2810 1695 Use and Sale of Personal Data for Direct Marketing Linklaters.com 5 A15235233/0.7/12 Jul 2012

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information